AAPL Stock: 112.01 ( -0.53 )

Printed from

Safari 5.0.1, 4.1.1 security fixes include AutoFill patch

updated 11:45 am EDT, Wed July 28, 2010

Closes major security hole

The Safari 5.0.1 update -- and the corresponding v4.1.1 update for Tiger -- finally fix a serious AutoFill vulnerability, an Apple security note reveals. Using a carefully-crafted site and JavaScript, vulnerable versions of Safari can be tricked into entering and sending personal information without consent. Knowledge of the threat has allegedly been in the public domain for about a year, but until now not dealt with by Apple.

The upgrades also solve a problem with RSS feeds, which could be used to trigger uploads to a remote server. All other security improvements are directed at the WebKit engine, which could potentially be exploited through holes in handling of JavaScript, expressions, SVG files, CSS counters and other elements.

The Safari 4.1.1 update applies only to Mac OS X 10.4.11, and is a 29.53MB download.

by MacNN Staff





  1. testudo

    Joined: Dec 1969


    I wonder

    Gee, do you think this autofill issue was fixed because the guy made it public, or it took them this long to actually address the issue (which has actually been around for a while in various forms)?

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...


Most Commented